intbot / ng2-pdfjs-viewer

An angular component for PDFJS and ViewerJS (Supports all versions of angular)
Apache License 2.0

CSP unsafe-eval (fixed in newer pdf.js) #70

Open Spiral1401 opened 4 years ago

Spiral1401 commented 4 years ago

Seeing this error in my application - I noticed there is a ticket asking for the problem to be posted in the pdf.js issue tracker, but it appears at this point that pdf.js has solved the issue in version 2.1.266. The version of pdf.js within ng2-pdfjs-viewer seems to be 2.2.171 (not sure if I am looking at the right place).

Is it relatively simple to update this? Looks like they host a pre-built pdf.js out there so I will give it a shot in my application in the meantime.

Thank you

Spiral1401 commented 4 years ago

I realize now that 2.2.171 > 2.1.266. That's on me for focusing on the rev number. But, then, should this issue not be fixed? Any idea why I might still be seeing this?

codehippie1 commented 4 years ago

@Spiral1401 Have you tried using pdfjs directly? What are the results? Also, can you try directly at the PDFJS site here: https://mozilla.github.io/pdf.js/web/viewer.html

zakhenry commented 3 years ago

@codehippie1 the https://mozilla.github.io/pdf.js/web/viewer.html works, but that is expected as it does not have a content security policy in either the headers or the html head
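
The check described in the comment above (whether a page carries an enforced CSP in its response headers or in a `<meta>` tag, and whether that policy lets `eval()` run) can be scripted. This is an added example, not part of the original thread or of either project; the function names, the headers-object input and the simplified `<meta>` regex are assumptions made for illustration.

```javascript
// Added example: decide whether a page's enforced CSP lets eval()/new Function() run.
// Inputs (a plain headers object and the HTML text) are assumed shapes.

// Split one policy string into { directive: [sources...] }.
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!(key in directives)) directives[key] = sources.map((s) => s.toLowerCase());
  }
  return directives;
}

// eval() is governed by script-src, falling back to default-src.
function policyAllowsEval(policy) {
  const d = parsePolicy(policy);
  const sources = d['script-src'] ?? d['default-src'];
  if (sources === undefined) return true; // policy does not restrict script at all
  return sources.includes("'unsafe-eval'"); // 'wasm-unsafe-eval' does not permit JS eval
}

// Collect enforced policies from the response header and from <meta> tags.
// Content-Security-Policy-Report-Only is skipped because it blocks nothing.
function collectPolicies(headers, html) {
  const policies = [];
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === 'content-security-policy') {
      policies.push(...value.split(',')); // a comma separates independent policies
    }
  }
  // Simplified: expects http-equiv before content and a double-quoted content value.
  const metaRe = /<meta\s+http-equiv=["']content-security-policy["']\s+content="([^"]*)"/gi;
  for (const m of html.matchAll(metaRe)) policies.push(m[1]);
  return policies.map((p) => p.trim()).filter(Boolean);
}

// Every enforced policy must allow eval; one strict policy is enough to block it.
function evalPermitted(headers, html) {
  return collectPolicies(headers, html).every(policyAllowsEval);
}
```

A page with no policy at all, like the demo viewer mentioned above, returns `true` here, which is why it cannot reproduce the error.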

ZsuzsaPetho commented 2 years ago

PDF.js has two versions. One for all the browsers (old ones as well) and one for only newer versions. The problem is with polyfills and only the version with older browsers has it. Would it be possible to have two versions of this library as well? So those who only develop for newer browsers could use the one with stricter security settings.

dbaggott commented 2 years ago

@ZsuzsaPetho @Spiral1401, have either of you found a work-around that doesn't require adding unsafe-eval to CSP headers?

dbaggott commented 2 years ago

For anyone who comes here in the future, we switched to https://www.npmjs.com/package/ngx-extended-pdf-viewer

JanMann89 commented 1 year ago

Any updates or workarounds? ngx-extended-pdf-viewer unfortunately has quality issues while showing bitmaps inside the pdf that ng2-pdfjs-viewer does not have. So I would actually prefer using this package, but I will not enable unsafe-eval :-/

lucasnguyen3979 commented 3 months ago

> Any updates or workarounds? ngx-extended-pdf-viewer unfortunately has quality issues while showing bitmaps inside the pdf that ng2-pdfjs-viewer does not have. So I would actually prefer using this package, but I will not enable unsafe-eval :-/

There is no update for CSP :(

timothyBrake commented 2 weeks ago

In 2024 it's considered a no-go if you need to add unsafe-eval in CSP headers. ANY update would be very appreciated here to bring this project in 2024. Most likely an update of pdfs would fix it.